Define two factor authentication for Postgresql Server
| From: | Nima Azizzadeh <n(dot)azizzadeh(at)gmail(dot)com> |
|---|---|
| To: | undisclosed-recipients:; |
| Subject: | Define two factor authentication for Postgresql Server |
| Date: | 2015-08-28 14:29:25 |
| Message-ID: | CAGVXacZeR0mky_txLs0cyP=BLRJN1vsTuQt5wj0aBM0eRhjMNA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers pgadmin-support pgsql-admin pgsql-general pgsql-hackers pgsql-interfaces |
Hello,
I'm going to create two factor authentication for pgadmin server...
I'm using postgresql 9.4 with pgadmin III on Linux Mint 17.2 32bit...
I already have 1 password authentication but For better security, I just
want to force 2 of them. The authentication factors could be any
things(what user has,what user knows,where user is or what user is).
for example:
The first factor is "password(what user knows)" and the second is "USB
device(what user has)". I need to force Postgresql to check both for
authenticate user and connect him to the server. I send you a screenshot
from pgAdmin server authenticate screen and I'm going to implement 2 factor
authentication for this. I not talking about OS authentication. All
authenticate operation should operate from Postgresql.
I already try this for login into pgAdmin through password and USB:
I installed pamusb pakages :
sudo apt-get install pamusb-tools libpam-usb
Although I can add devices on my pamusb config file :
pamusb-conf --add-device MyDevice
and I can define pamusb users. I added this lines to pamusb config between
<users> tags :
<user id="postgres"> <device>MyDevice</device> </user>
My guess : I think I should write module in /etc/pam.d and edit pg_hba.conf
file to define login method for local users :
local all all pam pamservice=mypam
but I don't know how to write module to force both authentication methods
for this(both are required).
Any help would be appreciated...
| Attachment | Content-Type | Size |
|---|---|---|
|
image/png | 64.2 KB |
Responses
- Re: Define two factor authentication for Postgresql Server at 2015-08-28 17:58:10 from Gunnar "Nick" Bluth
Browse pgadmin-hackers by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gabriel E. Sánchez Martínez | 2015-08-28 15:52:53 | PgAdmin3, SSL certificate connections refused |
| Previous Message | Prasad | 2015-08-19 19:26:53 | Re: Patch : PGPASSFILE fix |
Browse pgadmin-support by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sergey Grinko | 2015-08-28 15:42:34 | pgScript Scripting Language - catch exception |
| Previous Message | Dave Barter | 2015-08-28 12:20:30 | Re: Log verbosity setting (client) |
Browse pgsql-admin by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gunnar "Nick" Bluth | 2015-08-28 17:58:10 | Re: Define two factor authentication for Postgresql Server |
| Previous Message | Adrian Klaver | 2015-08-27 18:25:11 | Re: [GENERAL] $libdir/mysql_fdw |
Browse pgsql-general by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Nelson | 2015-08-28 15:02:01 | Re: UPDATE an updatable view |
| Previous Message | Anderson Abreu | 2015-08-28 14:09:10 | Re: Execute DDL across multiple servers in an automated manner |
Browse pgsql-hackers by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-08-28 14:30:44 | Re: What does RIR as in fireRIRrules stand for? |
| Previous Message | Tom Lane | 2015-08-28 14:20:58 | Re: What does RIR as in fireRIRrules stand for? |
Browse pgsql-interfaces by date
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gunnar "Nick" Bluth | 2015-08-28 17:58:10 | Re: Define two factor authentication for Postgresql Server |
| Previous Message | Gennady Bekasov | 2015-08-07 15:37:44 | Set PEM phrase callback and pass contents of ssl-certificates files to libpq |